| 103.9.227.189:9215/admin/auth | 103.9.227.189 | 200 OK | 4.1 kB |
URL: 103.9.227.189:9215/admin/auth (user request: GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
File type: HTML document, ASCII text, with very long lines (998)
MD5: c87c7dbafb776996499c821c63aad80c
SHA-1: bd100b174e3ac04c205cce1984cf8dc2f01a4283
SHA-256: 578c582c1c1041c5fd0da47fba2c12f5015c88b93872b0331de726ac5885e1db
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /admin/auth HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Date: Fri, 10 May 2024 12:12:53 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; expires=Fri, 10-May-2024 14:12:53 GMT; Max-Age=7200; path=/; samesite=lax
sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D; expires=Fri, 10-May-2024 14:12:53 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Content-Encoding: gzip
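The /admin/auth response above is the one worth reading closely. It is a Laravel login page (the XSRF-TOKEN and *_session cookie pair in Laravel's encrypted-cookie format) served over plain HTTP on a non-standard port; Server: nginx/1.20.1 and X-Powered-By: PHP/7.4.33 disclose exact versions (PHP 7.4 has been end-of-life since November 2022, so 7.4.33 receives no security fixes); both cookies are set without the Secure attribute; and there is no Content-Security-Policy, X-Frame-Options or X-Content-Type-Options header. The script below is an added example, not part of the scan output or of the scanned application: it parses a response head like the one captured above and reports those weaknesses. The response text is copied from the transaction above with the cookie values truncated, and the second cookie line is written with the Set-Cookie name it carries on the wire (Firefox folds repeated Set-Cookie headers onto consecutive lines, which is why the capture shows it bare).

```python
import re
from urllib.parse import urlsplit

# Response to GET http://103.9.227.189:9215/admin/auth, copied from the capture
# above with the cookie values truncated.  The second cookie is a second
# Set-Cookie header; the capture shows it without the header name.
ADMIN_AUTH_URL = "http://103.9.227.189:9215/admin/auth"
ADMIN_AUTH_RESPONSE = """\
HTTP/1.1 200 OK
Server: nginx/1.20.1
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, private
Date: Fri, 10 May 2024 12:12:53 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6InFJ...; expires=Fri, 10-May-2024 14:12:53 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: sibad_provinsi_jateng_session=eyJpdiI6IlM5...; expires=Fri, 10-May-2024 14:12:53 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Content-Encoding: gzip
"""

# Laravel's XSRF-TOKEN is meant to be read by page scripts (they echo it back
# in an X-XSRF-TOKEN header), so a missing HttpOnly on it is by design.
JS_READABLE_COOKIES = {"XSRF-TOKEN"}

HARDENING_HEADERS = ("content-security-policy", "x-frame-options", "x-content-type-options")


def parse_response(raw):
    """Split a raw HTTP response head into (status line, [(name, value), ...]).
    Names are lower-cased; repeated headers such as Set-Cookie are kept in order."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def cookie_attributes(set_cookie_value):
    """Return (cookie name, {lower-cased attribute names}) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, raw):
    """Flag the weaknesses visible from the response head alone."""
    findings = []
    scheme = urlsplit(url).scheme
    _, headers = parse_response(raw)
    present = {name for name, _ in headers}

    if scheme != "https":
        findings.append("served over plain HTTP: credentials and session cookies travel in clear text")

    for name, value in headers:
        if name == "server" and re.search(r"/\d", value):
            findings.append(f"version disclosure: Server: {value}")
        elif name == "x-powered-by":
            findings.append(f"version disclosure: X-Powered-By: {value}")
        elif name == "set-cookie":
            cookie, attrs = cookie_attributes(value)
            if "secure" not in attrs:
                findings.append(f"cookie {cookie} lacks Secure")
            if "httponly" not in attrs and cookie not in JS_READABLE_COOKIES:
                findings.append(f"cookie {cookie} lacks HttpOnly")
            if "samesite" not in attrs:
                findings.append(f"cookie {cookie} lacks SameSite")

    for header in HARDENING_HEADERS:
        if header not in present:
            findings.append(f"missing {header}")
    # HSTS is only meaningful on https: browsers ignore it on plain-http responses.
    if scheme == "https" and "strict-transport-security" not in present:
        findings.append("missing strict-transport-security")
    return findings


if __name__ == "__main__":
    for finding in audit_response(ADMIN_AUTH_URL, ADMIN_AUTH_RESPONSE):
        print("-", finding)
```

On the captured response this yields eight findings: the plain-HTTP transport, the two version disclosures, a missing Secure attribute on each cookie, and the three absent hardening headers. The session cookie passes the HttpOnly and SameSite checks, and the HSTS check is deliberately skipped because the origin is not https.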
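Both cookies set by /admin/auth use Laravel's encrypted-cookie envelope: the value is URL-encoded base64 of a JSON object with iv, value (AES-CBC ciphertext) and mac fields, and mac is HMAC-SHA256 over the two base64 strings, keyed with the application's APP_KEY. The example below is added here and is not part of the scan output or of the scanned application. It opens the outer envelope of the XSRF-TOKEN cookie exactly as set above, checks that the field sizes match that layout, and runs the MAC check, which fails without the real key; the key passed in the usage line is a placeholder, not the application's key.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import unquote

# XSRF-TOKEN value exactly as set by the /admin/auth response captured above.
XSRF_COOKIE = (
    "eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1K"
    "dHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhR"
    "UDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJj"
    "Nzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2Rl"
    "M2E2In0%3D"
)


def parse_laravel_cookie(cookie_value):
    """Open the outer envelope: URL-decode, base64-decode, parse the JSON.
    Returns the raw iv / ciphertext / mac bytes plus the base64 strings the MAC covers."""
    payload = json.loads(base64.b64decode(unquote(cookie_value)))
    return {
        "iv": base64.b64decode(payload["iv"]),
        "ciphertext": base64.b64decode(payload["value"]),
        "mac": bytes.fromhex(payload["mac"]),
        "iv_b64": payload["iv"],
        "value_b64": payload["value"],
        # Laravel adds a "tag" field for AES-GCM ciphers; its absence means CBC.
        "has_tag": "tag" in payload,
    }


def describe(cookie_value):
    """Field sizes that identify the envelope as AES-CBC + HMAC-SHA256."""
    env = parse_laravel_cookie(cookie_value)
    return {
        "iv_bytes": len(env["iv"]),                  # 16: one AES block
        "ciphertext_bytes": len(env["ciphertext"]),  # multiple of 16: CBC with PKCS#7 padding
        "mac_bytes": len(env["mac"]),                # 32: SHA-256 output
        "aead_tag": env["has_tag"],
    }


def mac_is_valid(cookie_value, app_key):
    """Laravel's Encrypter stores hex(HMAC-SHA256(app_key, base64(iv) || base64(ciphertext))).
    Recomputing it with anything but the real APP_KEY fails, which is what stops a client
    from forging either cookie.  app_key is the raw key bytes (the APP_KEY with its
    'base64:' prefix stripped and decoded)."""
    env = parse_laravel_cookie(cookie_value)
    expected = hmac.new(app_key, (env["iv_b64"] + env["value_b64"]).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, env["mac"])


if __name__ == "__main__":
    print(describe(XSRF_COOKIE))
    # Placeholder key for the demonstration; the server's APP_KEY is not known.
    print("mac valid with placeholder key:", mac_is_valid(XSRF_COOKIE, b"0" * 32))
```

Running it reports a 16-byte IV, 96 bytes of ciphertext (six AES blocks) and a 32-byte MAC, and the MAC check with the placeholder key returns False. The session cookie is in the same envelope, so the same functions apply to it; what either ciphertext contains cannot be recovered from the capture without APP_KEY, and an attacker who does obtain APP_KEY can mint both cookies at will.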
| 103.9.227.189:9215/css/pages/login/classic/login-4.css | 103.9.227.189 | 200 OK | 187 B |
URL: 103.9.227.189:9215/css/pages/login/classic/login-4.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (709), with no line terminators
MD5: 451d5819b8d6a6227f7a1b29563c4dbd
SHA-1: 8a967c4721dc524329b363215e9aceae666453e5
SHA-256: ed51b1541c6588c02138c65df4f67fc0d5241743236f081f04b1ef1aafa703c0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/pages/login/classic/login-4.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:53 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-2c5"
Content-Encoding: gzip
| 103.9.227.189:9215/plugins/custom/prismjs/prismjs.bundle.css | 103.9.227.189 | 200 OK | 672 B |
URL: 103.9.227.189:9215/plugins/custom/prismjs/prismjs.bundle.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (1768), with no line terminators
MD5: 2ffa18d5dbfb3fac179e88d5125461da
SHA-1: 2836671b83d9b878c3065bfb1b4a83cbfbffe4f9
SHA-256: ab6d25ace5d148ea5cac7959e054f7fa594307c7cccacce27e61474051fe2124
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /plugins/custom/prismjs/prismjs.bundle.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:53 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-6e8"
Content-Encoding: gzip
| 103.9.227.189:9215/css/themes/layout/brand/dark.css | 103.9.227.189 | 200 OK | 333 B |
URL: 103.9.227.189:9215/css/themes/layout/brand/dark.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (1566), with no line terminators
MD5: 408942391e2ccd4fad7514e0bb28abb3
SHA-1: 24911f7c1629b8191303a025ec67ac7466f9d34a
SHA-256: b65a35199b9648ad6f5587e25fa9e23d2c5111a77ac99de74b64ba6efbc79a71
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/themes/layout/brand/dark.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-61e"
Content-Encoding: gzip
| 103.9.227.189:9215/css/themes/layout/header/menu/light.css | 103.9.227.189 | 200 OK | 1.7 kB |
URL: 103.9.227.189:9215/css/themes/layout/header/menu/light.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (37444), with no line terminators
MD5: bd679a215da35bcc5919484047529ed3
SHA-1: b2298c700b1f1b4cdb0b5f5c7a6cdba4aace12e3
SHA-256: 3b306896e764a23e827cd4ce2fb56d33e608b14207aa774327dc864ba8c1de1a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/themes/layout/header/menu/light.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-9244"
Content-Encoding: gzip
| 103.9.227.189:9215/css/themes/layout/aside/dark.css | 103.9.227.189 | 200 OK | 2.3 kB |
URL: 103.9.227.189:9215/css/themes/layout/aside/dark.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (55707), with no line terminators
MD5: 387931b6fea8840fa5a1a84367205e44
SHA-1: 85dbd431a879574c00f106b7463dc7a625d43527
SHA-256: 2571da5e0e8cfa8cf8460da7e5dcc2c130b69c58fba12517a88f590870db727b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/themes/layout/aside/dark.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-d99b"
Content-Encoding: gzip
| 103.9.227.189:9215/plugins/custom/prismjs/prismjs.bundle.js | 103.9.227.189 | 200 OK | 6.9 kB |
URL: 103.9.227.189:9215/plugins/custom/prismjs/prismjs.bundle.js (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18394), with no line terminators
MD5: ba4480245fccb452db31045d160d32ab
SHA-1: 107be000e6e136236be4231e4398246ed16970c3
SHA-256: efa6d33eb6524dd7dca7f1ee70cd50dd7e3f7dafdaf4ebfcea012031b5e9d800
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /plugins/custom/prismjs/prismjs.bundle.js HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: application/javascript
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-47e0"
Content-Encoding: gzip
| 103.9.227.189:9215/plugins/custom/jqueryform/jquery.form.js | 103.9.227.189 | 200 OK | 12 kB |
URL: 103.9.227.189:9215/plugins/custom/jqueryform/jquery.form.js (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: JavaScript source, ASCII text
MD5: 08a24670beb2eae7ef79a6d5ac23874b
SHA-1: eca8a1978457941622833130e92b9b274e2b3a36
SHA-256: 3a16fd80d67008f1c947cf93ebb20e2af2ed1a6317e194d35ed15046076c4211
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /plugins/custom/jqueryform/jquery.form.js HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: application/javascript
Last-Modified: Wed, 17 Jan 2024 05:48:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65a76a1b-ab74"
Content-Encoding: gzip
| 103.9.227.189:9215/css/themes/layout/header/base/light.css | 103.9.227.189 | 200 OK | 486 B |
URL: 103.9.227.189:9215/css/themes/layout/header/base/light.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (3423), with no line terminators
MD5: ec30f1847eeded2f21c8e77e1ea63c43
SHA-1: 86f910b3395ce0c1edb2f98fcbae83cc44c91def
SHA-256: 989cdd6cbde6ea0cfda11c7cdabf562c6815616883933d0e2486bd7fc043ef1e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/themes/layout/header/base/light.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-d5f"
Content-Encoding: gzip
| 103.9.227.189:9215/js/scripts.bundle.js | 103.9.227.189 | 200 OK | 33 kB |
URL: 103.9.227.189:9215/js/scripts.bundle.js (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: JavaScript source, ASCII text, with very long lines (65464)
MD5: 3531dc273301b3c952b962b3681fab89
SHA-1: 19fa4be28d389280dee4b8c7e4a80c0909c6e532
SHA-256: 033137fa229399ae785d0bdac264f1ff7f8a32b7ba17670e9d0b0b20f7088559
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/scripts.bundle.js HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: application/javascript
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-21dfc"
Content-Encoding: gzip
| 103.9.227.189:9215/plugins/global/plugins.bundle.css | 103.9.227.189 | 200 OK | 72 kB |
URL: 103.9.227.189:9215/plugins/global/plugins.bundle.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (25405)
MD5: 79176bcc6417ca7d09ac5283ebd92cfb
SHA-1: 0f74a0f7af720382e22c1075a2fd5dae8d766940
SHA-256: 709c33247f004a9d114b288a9c2d7ccccbc0ac09c9b07b7f43fbf56dd45471b6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /plugins/global/plugins.bundle.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:53 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-64caa"
Content-Encoding: gzip
| 103.9.227.189:9215/css/style.bundle.css | 103.9.227.189 | 200 OK | 144 kB |
URL: 103.9.227.189:9215/css/style.bundle.css (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: ASCII text, with very long lines (65324)
Size: 144 kB (143903 bytes)
MD5: de6da347b33dc2ba9d8b9d4a527f120d
SHA-1: 4e4252ed15aaa511b4e15dffbe7070a9240fae2f
SHA-256: e00aa7fc49bb332958dafd0cf18afee4b332ac3f435b3ecdc4006afbdbfac0c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/style.bundle.css HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:53 GMT
Content-Type: text/css
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-16985b"
Content-Encoding: gzip
| fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 | 216.58.207.227 | 200 OK | 7.9 kB |
URL: fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 (GET, HTTP/2)
IP: 216.58.207.227:443
Requested by: http://103.9.227.189:9215/admin/auth
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
MD5: 9212f6f9860f9fc6c69b02fedf6db8c3
SHA-1: ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
SHA-256: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://103.9.227.189:9215
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 19:57:12 GMT
expires: Fri, 09 May 2025 19:57:12 GMT
cache-control: public, max-age=31536000
age: 58466
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 | 216.58.207.227 | 200 OK | 7.7 kB |
URL: fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 (GET, HTTP/2)
IP: 216.58.207.227:443
Requested by: http://103.9.227.189:9215/admin/auth
Certificate: issuer Google Trust Services LLC; subject *.gstatic.com; fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD; validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type: Web Open Font Format (Version 2), TrueType, length 7748, version 1.0
MD5: a09f2fccfee35b7247b08a1a266f0328
SHA-1: 0da2d17e738f46d2a09e6fb7969da451719a9820
SHA-256: cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://103.9.227.189:9215
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 03:25:26 GMT
expires: Wed, 07 May 2025 03:25:26 GMT
cache-control: public, max-age=31536000
age: 290772
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| 103.9.227.189:9215/media/logos/village.png | 103.9.227.189 | 200 OK | 35 kB |
URL: 103.9.227.189:9215/media/logos/village.png (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
MD5: 2a1623c01b7cb492064a2d44bd162647
SHA-1: d1552cb3564d86a363a1450cb101452ea91e4d59
SHA-256: b1e7aed77d73acfc0fdbba0c95eb1384c3b752b118de6bea9f2ff72d4f7fff7d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/logos/village.png HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:56 GMT
Content-Type: image/png
Content-Length: 35431
Last-Modified: Wed, 17 Jan 2024 05:48:11 GMT
Connection: keep-alive
ETag: "65a76a1b-8a67"
Accept-Ranges: bytes
| 103.9.227.189:9215/media/bg/bg-3.jpg | 103.9.227.189 | 200 OK | 245 kB |
URL: 103.9.227.189:9215/media/bg/bg-3.jpg (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Size: 245 kB (244652 bytes)
MD5: 6ecf79dbb9a59248510d64773993254e
SHA-1: 846117172907fd7137b1ba8de3698b2cd1133af1
SHA-256: 6163c8b018d3ee10e886c249a8a34a2a3920fd94af60cf93b36c838c0637e847
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/bg/bg-3.jpg HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:57 GMT
Content-Type: image/jpeg
Content-Length: 244652
Last-Modified: Wed, 17 Jan 2024 05:48:10 GMT
Connection: keep-alive
ETag: "65a76a1a-3bbac"
Accept-Ranges: bytes
| 103.9.227.189:9215/media/logos/favicon.ico | 103.9.227.189 | 200 OK | 1.2 kB |
URL: 103.9.227.189:9215/media/logos/favicon.ico (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
MD5: 6329798aad91752c4c2c9a50549e4384
SHA-1: c48837e2c47ce4a5ff24f3d8771a20b22ea141b4
SHA-256: 46d43c0b4c994c74b07c2b7bb1e44abbf11916bc8be9929b52c57974ffb882c2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /media/logos/favicon.ico HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:13:01 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 17 Jan 2024 05:48:11 GMT
Connection: keep-alive
ETag: "65a76a1b-47e"
Accept-Ranges: bytes
| 103.9.227.189:9215/plugins/global/plugins.bundle.js | 103.9.227.189 | 200 OK | 614 kB |
URL: 103.9.227.189:9215/plugins/global/plugins.bundle.js (GET, HTTP/1.1)
IP: 103.9.227.189:9215
ASN: #131724 DISKOMINFO PROV. JAWA TENGAH
Requested by: http://103.9.227.189:9215/admin/auth
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65462)
Size: 614 kB (613939 bytes)
MD5: b4d44b32756e3841a1829f0ed4d0ea5f
SHA-1: dd02951c7325dd962ccf99b9af15790ee9df024a
SHA-256: cca7f2b84502f5e0d3cc6fbc4b0bf2784629ed9575aa13f2c5a07f07b4202019
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /plugins/global/plugins.bundle.js HTTP/1.1
Host: 103.9.227.189:9215
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/admin/auth
Cookie: XSRF-TOKEN=eyJpdiI6InFJLzd2dEMzcWlwUEpkaE9yRUFDeVE9PSIsInZhbHVlIjoiWWlPcjNLR0xWeVpzRHR1QW1KdHZic2ZTZm9VeC9OeTNhUnREU1lpTDdBVEh2TFEzMFlrbnIzVHFDa0FyWUFFOGd3SDJuTE9ZTWpWMkhRUDQ3YnpSUEFIYkJ3OHBtVFFCaGdNaVRxV0NpRzhQbVVDWXZ4YnZQbmNGL3dzOGRkVHAiLCJtYWMiOiJjNzk4MDZkM2QwOTI2YjQ1MTRmMTcyZDU0OGRiNDFjN2VkY2QxYzI3ZWE3ZjY3ZmU3ZTEzYjY4YzNlY2RlM2E2In0%3D; sibad_provinsi_jateng_session=eyJpdiI6IlM5OUUyeEU2OHZwWnYvVHFXOU9sMkE9PSIsInZhbHVlIjoiMFdDYlRmSnlXUVBEZ3QzQmlpZEN5bHZUcDRjRUJtcXhwbE55ZUh0anp1YU16cDJIU1hyRTF1N1RwZTlhZXNCQy9tR25uVG5oV05Lc1dkWngwcWNmT3JSQnJrQXZ3RXhlVkMvR2RNdVhlNDdrNk95dDBwZ3lzSW1rSTFHS1ZCNTAiLCJtYWMiOiI0YmJmMzllMWI3ZWFmYjc2M2E5YzRjYmJiMWRiMTllZmFlNDZjOWU0MjE0YzVmZTM4YTM3ZTRlZjg4NzZiZTJlIn0%3D
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 12:12:54 GMT
Content-Type: application/javascript
Last-Modified: Mon, 04 Mar 2024 02:42:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65e534fb-23e882"
Content-Encoding: gzip
| fonts.googleapis.com/css?family=Poppins:300,400,500,600,700 | 142.250.74.106 | 200 OK | 3.7 kB |
URL: fonts.googleapis.com/css?family=Poppins:300,400,500,600,700 (GET, HTTP/2)
IP: 142.250.74.106:443
Requested by: http://103.9.227.189:9215/admin/auth
Certificate: issuer Google Trust Services LLC; subject upload.video.google.com; fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79; validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type: ASCII text, with very long lines (3797), with no line terminators
MD5: 2de80c49354221f05389fa6389669f9f
SHA-1: bec15f30773c634590d200b69209742c5d9d048a
SHA-256: d9ba19e5daf8dff7a0ecc6979bbea6ebb5edac3233da68560687fa6c8f9091d9
GET /css?family=Poppins:300,400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://103.9.227.189:9215/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 12:11:35 GMT
date: Fri, 10 May 2024 12:11:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2